0
A publicly accessible server containing unique taxpayer registry identification numbers for Brazilian nationals has been discovered, placing as many as 120 million citizens at risk.
The ID numbers, known as Cadastro de Pessoas Físicas (CPFs) are issued by the Brazilian Federal Reserve to Brazilian citizens and tax-paying resident aliens, and are linked to aspects ranging from credit and debit history to employment details.
According to security firm InfoArmor, who discovered the incident, the information related to about 57 percent of Brazil’s population was leaked by a misconfigured server earlier this year.
After examinating the server, the researchers found that the “index.html” had been renamed to “index.html_bkp,” revealing the directory’s contents and giving unfettered access to anyone who knew the filename.